How cross signing helps certifcate authories maintain trust. Chain Of Trust >> Cross signing cross signing is when a Established Pubicly Trusted CA {Certificate Authority} Like Global Sign or Comodo now Sectigo Signs the root certificate of another CA this has a few benifits, 1. helps legacy compatability, new CA's Root Certificate may not be widely installed in older phones . pc's and browsers trusted root store. By cross siging the new CA's root certificate becomes widely trusted and backwards compatible. 2. cross signing helps establish trust far more quickly allowing for widespread adoption like in the case of Let's Encrypt they now secure the majority of websites in a short time 13 years as of this post. 3. Root certificate revocation, root certificates have expiry dates usually 10+ when these certificates are up for expiry they use the old widely trusted root to sign the new root certificate, the trust of the old root certificate is passed on using this method. [upl-image-preview uuid=7380ec45-d89b-4722-ae3e-48b9e1cbb360 url=https://techretreat.co.uk/public/assets/files/2025-03-28/1743176678-673171-letsencrypt-socialshare.png alt={TEXT?}]

Certificate Authority Chain Of Trust How It Works >>

Aaron

How cross signing helps certifcate authories maintain trust.
Chain Of Trust >> Cross signing
cross signing is when a Established Pubicly Trusted CA {Certificate Authority} Like Global Sign or Comodo now Sectigo
Signs the root certificate of another CA this has a few benifits,

helps legacy compatability, new CA's Root Certificate may not be widely installed in older phones . pc's and browsers
trusted root store. By cross siging the new CA's root certificate becomes widely trusted and backwards compatible.
cross signing helps establish trust far more quickly allowing for widespread adoption like in the case of Let's Encrypt
they now secure the majority of websites in a short time 13 years as of this post.
Root certificate revocation, root certificates have expiry dates usually 10+ when these certificates are up for expiry they use the old widely trusted root to sign the new root certificate, the trust of the old root certificate is passed on using this method.